Following a recent flurry of cyber attacks exposing the inadequacies of IoT security, a healthcare-focused consortium, led by network security engineers from City University London and the Indian Institute of Technology Kharagpur, is looking to blockchain for answers.
The consortium, drawn from academia and industry, was set up following the WannaCry ransomware attack in May, which hit organizations across the globe, including the UK’s National Health Service. There, the attack forced hospitals to cancel operations and left staff recording vital patient data using pen and paper.
“Our consortium will be exploring the use of a privacy-preserving blockchain architecture for IoT applications in healthcare data-sharing, using attribute-based encryption (ABE) to provide greater security for the devices,” said Professor Muttukrishnan Rajarajan, member of the consortium and professor of network engineering at City University, London.
“Due to low voltage powering many devices drawn together by the IoT, the use of these devices is frequently compromised by their lack of sophisticated security measures,” Rajarajan added.
The argument for better security in IoT devices is not new. With everything from toothbrushes to sex toys now being connected to the internet, the race for connectivity has seen security remain an afterthought in many cases. The worrying, yet typical, response of the culpable device manufacturers is that they are not technology companies and are, therefore, unable to provide the requisite patches or updates to protect their devices – see the case, for example, of the hackable Miele washing machine.
The problem now is that concern about IoT security has extended beyond the in-the-know in the technology community. Cyber attacks on mainstream organizations means that many consumers, too, have become aware of the flaws in IoT devices, and there is reason to believe that this concern will feed into their purchasing decisions unless a security by design approach is quickly adopted by device makers.
Security by blockchain
Solutions to the problem are being sought, however, with many concerned IoT security enthusiasts looking to blockchain technology as an answer. As David Stephenson, principal of Stephenson Strategies, and an IoT consultant, recently wrote for Internet of Business, “If the public and corporations lose confidence in the IoT, the impact will be severe and lasting.”
Blockchain “is a cryptographic system which assigns a 32-digit ‘hash’ to each part of a complex transaction, which becomes a ‘block’, which is also given a date stamp,” Stephenson writes.
Blockchain has typically been deployed in financial environments; however, it also appears to be ideal for IoT because “limitless numbers of blocks detailing each part of the transaction can then be linked into a blockchain, and each participant validates each new block though an algorithm. The result parallels a paper ledger used in the past to catalog transactions, with an important difference: it is distributed, and not controlled by any single user.”
These benefits are echoed by Professor Rajarajan, who cites the following as blockchain’s key advantages for IoT:
- The sensor data generated by IoT devices will be rigorously verified by a number of data miners in the blockchain network for legitimacy before being accepted, which will mitigate several security attacks including data manipulation;
- Once the data is accepted and appended to the blockchain, the data will not be intercepted. There is no central authority or storage sever and therefore the trust of each node will be built by reputation;
- If there is a malicious node propagating false data, it can be identified by data miners and the reputation of the node will be damaged.
Blockchain may provide one answer, but IoT security extends beyond whatever technology is used. In other words, attitudes and practices need to change, too. It remains to be seen whether business and consumer attitudes to IoT security will also change in the coming months.
Four weeks to go: On 12 & 13 September 2017, Internet of Business will be holding its Internet of Health EMEA event in Amsterdam, The Netherlands. This event will focus on revolutionizing health through IoT for improved insight and patient care.